Description
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.
Products
Questions to Ask Vendors
- Have you updated all instances of SysAid On-Premises to version 24.4.60 b16 or later to mitigate the risk of CVE-2025-2775, CVE-2025-2776, and CVE-2025-2777?
- Can you confirm that all external access points to SysAid endpoints (/mdm/checkin, /mdm/serverurl, /lshw) have been appropriately secured or restricted from unauthorized external connections to prevent XML External Entity (XXE) injection and Server-Side Request Forgery (SSRF)?
- Have you implemented monitoring measures to detect suspicious or malicious requests targeting the SysAid endpoints (/mdm/checkin, /mdm/serverurl, /lshw) that were previously vulnerable to XXE injection and SSRF?
- Have you reviewed and updated your incident response procedures to ensure rapid identification and remediation capabilities for XXE-based vulnerabilities, specifically those identified in CVE-2025-2775, CVE-2025-2776, and CVE-2025-2777?
Recommended Actions
- Ensure all external access points to SysAid endpoints (/mdm/checkin, /mdm/serverurl, /lshw) are appropriately secured or restricted from unauthorized external connections.
- Monitor SysAid server logs actively for signs of suspicious or malicious requests targeting these endpoints.
- Review incident response procedures, ensuring rapid identification and remediation capabilities for XXE-based vulnerabilities.
- Upgrade SysAid Immediately: Update to SysAid On-Premises version 24.4.60 b16 or later. This vulnerability is tagged as 'Medium', so first verify whether you are running an affected version of the product.
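As an added illustration of the monitoring action above (not code from the advisory or from SysAid), the following Python check flags requests to the three listed endpoints that either arrive from outside the organisation's own address ranges or carry DTD declarations, which a legitimate MDM checkin does not need. It assumes a reverse proxy or WAF that records the source address and request body; the trusted networks, record layout and sample requests are constructed placeholders.

```python
import ipaddress
import re
from dataclasses import dataclass

# Endpoints named in the advisory as affected by XXE / SSRF.
SYSAID_ENDPOINTS = ("/mdm/checkin", "/mdm/serverurl", "/lshw")

# DTD constructs an XXE payload relies on; benign checkin XML carries none of them.
DTD_MARKERS = re.compile(r"<!DOCTYPE|<!ENTITY|\bSYSTEM\s+[\"']", re.IGNORECASE)

# Placeholder for the address ranges that are allowed to reach the SysAid server.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                ipaddress.ip_network("192.168.0.0/16")]


@dataclass
class RequestRecord:
    """One request as a body-logging proxy or WAF would record it (assumed layout)."""
    src_ip: str
    path: str
    body: str


def findings_for(rec: RequestRecord) -> list[str]:
    """Return the reasons a request to a SysAid endpoint deserves attention."""
    if not any(rec.path.startswith(ep) for ep in SYSAID_ENDPOINTS):
        return []  # other paths are out of scope for this check
    reasons = []
    if not any(ipaddress.ip_address(rec.src_ip) in net for net in TRUSTED_NETS):
        reasons.append("external-source")  # endpoint should not be reachable externally
    if DTD_MARKERS.search(rec.body):
        reasons.append("dtd-in-body")  # DOCTYPE/ENTITY in checkin XML is a red flag
    return reasons


def scan(records: list[RequestRecord]) -> list[tuple[str, str, list[str]]]:
    """Scan recorded requests and return (source, path, reasons) for each hit."""
    hits = []
    for rec in records:
        reasons = findings_for(rec)
        if reasons:
            hits.append((rec.src_ip, rec.path, reasons))
    return hits


# Constructed sample records: one benign checkin, two suspicious ones, one unrelated path.
SAMPLE = [
    RequestRecord("10.1.2.3", "/mdm/checkin", '<?xml version="1.0"?><checkin><device id="d1"/></checkin>'),
    RequestRecord("203.0.113.5", "/mdm/checkin", '<!DOCTYPE a [<!ENTITY x SYSTEM "file:///PLACEHOLDER">]><checkin>&x;</checkin>'),
    RequestRecord("192.168.4.9", "/lshw", '<!DOCTYPE a [<!ENTITY x SYSTEM "http://PLACEHOLDER/">]><r>&x;</r>'),
    RequestRecord("203.0.113.7", "/login", "<!DOCTYPE html><html></html>"),
]

if __name__ == "__main__":
    for src, path, reasons in scan(SAMPLE):
        print(f"ALERT {src} {path}: {', '.join(reasons)}")
```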
References